Udemy Business

Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Deep dive Sonar Cloud & integration with Azure DevOps

Name: Deep dive Sonar Cloud & integration with Azure DevOps
Rating: 3.9 (16 reviews)

Tools: IAR Compiler, Azure DevOps, Sonar cloud, Programming language is Embedded C, YAML file, Static code analysis

Created byNagarathna T

Last updated 2/2022

English

What you'll learn

Introduction to Static code analysis
Work flow of Static Code Analysis
Introduction to Sonarcloud
Deep dive in to Sonar cloud including administration, Quality gates, quality profiles, Pull request Decoration etc
Detailed steps to integrate sonar cloud with Azure Pipeline in Embedded domain
Sonar cloud integration on Azure DevOps, mainly for embedded C language , IAR compiler
IAR Build integration with Sonar cloud configuration steps
Challenges faced in this Integrations, Limitations and lessons learnt

Course content

6 sections • 55 lectures • 4h 5m total length

Introduction - agenda0:52
•Static code analysis is a method of debugging by examining source code before a program is run. It’s done by analyzing a set of code against a set (or multiple sets) of coding rules.
•This type of analysis addresses weaknesses in source code that might lead to vulnerabilities.
•Static analysis is commonly used to comply with coding guidelines — such as MISRA. And it’s often used for complying with industry standards — such as ISO 26262.
What is Static Code Analysis2:40
•Static code analysis is a method of debugging by examining source code before a program is run. It’s done by analyzing a set of code against a set (or multiple sets) of coding rules.
•This type of analysis addresses weaknesses in source code that might lead to vulnerabilities.
•Static analysis is commonly used to comply with coding guidelines — such as MISRA. And it’s often used for complying with industry standards — such as ISO 26262.
Things to consider while choosing SCA Tools9:17
•Sonar cloud/ Sonar qube
•Perforce Klocwork
•Codesonar
•Coverity
•Fortify etc
Why we need SCA Tools2:21
SCA tools advantages2:51

Work Flow in Azure DevOps3:47
Azure DevOps Integration with Sonar Cloud6:12
Azure DevOps Integration with Sonar Cloud - Continued6:21
YAML File - Azure DevOps Integration with Sonar Cloud3:29
Service Connection creation in azure devops for sonar cloud3:40
Sonar cloud service endpoint - Feed data in Azure pipelines (GUI/YAML)1:48
Steps required for sonar integration in Azure pipeline for C projects2:14
Buildwrapper2:50
Build wrapper and Power shell script - conclusion7:04
Sonar project properties6:20
Importing Azure DevOps Organization and key2:27
Find and Feed Organization attribute in Azure pipeline (GUI/YAML)1:56
Sonar project key from sonar cloud project to feed in sonar-project properties1:11
Compile - Build batch file for IAR compiler4:52
Sonar cloud integration with Azure DevOps - last 2 steps required1:44
Azure Pipelines YML file8:50
Triggering Pipeline Demo and conclusion8:55

Sonar cloud login steps for azure devops1:08
Creating an Organization in Sonar cloud0:59
Creating an Organization in Sonar cloud Continued3:30
Creating an Organization in Sonar cloud Manually - Continued3:57
Sonar organization and project key for prepare analysis config step12:14
Manual Project creation sonar cloud for local - conclusion3:04
Sonar cloud - Rules6:22
Quality Profiles5:59
Creating a Quality profile - Copy mode5:26
Creating a Quality profile - Extended mode9:05
Quality Profiles Conclusion3:06
Quality Gates Introduction2:27
Basic Terminologies - Bugs, Code smells, Code coverage, Vulnerability3:20
Quality Gates Creation - demo6:32
Quality Gates Conclusion5:09
Pull Request Decoration for Azure DevOps services Intro2:35
Pull Request Decoration for Azure DevOps services - Configuration Demo1:41
Sonar Cloud and Sonar Qube Differences1:03
Demo | Sonar project creation and scanning the project manually23:22

Requirements

Introduction on SDLC will be good.
Introduction to any build tool and a development environment will also helpful to understand course in deeper way
No Programming experience needed, will cover in detail about each step required.

Description

In this course, we are going to see how to integrate Sonar cloud analysis tool in MS Azure pipelines for Embedded C.

To integrate sonar build wrapper is used and a small power shell script written to download this build wrapper.

Creating IAR Compiler batch files for making build with sonar cloud scanner.

YAML file creation for Build pipeline with detailed sonar cloud configuration steps.

Local Build agent is created and used for build pipelines. (Not a hosted agent)

Understanding and analyzing sonar cloud reports.

How to create a quality profiles?

How to create quality gates?

Walk through on Administration and settings.

Pull request decoration for auto comment in Pull request (in your Build pipeline).

Terminology understanding including code smells, Vulnerabilities , static code analysis (SCA) , build pipeline etc.

Focused more on version controlling of complete CI integration.

Will walkthrough on different SCA tools available and what need to be considered when we choose a SCA tool.

Will discuss on Challenges faced , limitations of these tools and lessons learnt.

Difference between sonar cloud and sonarqube.

Work flow on the sonar cloud integration with Azure DevOps services.

Shift left testing and SCA advantages.

Will walkthrough on the sonar cloud creating project manually and scanning the project manually.

sonarcloud website walkthrough

Who this course is for:

Freshers who wants to learn about sonar cloud integration with Azure DevOps
Embedded software developers
Application Software developers
DevOps Engineers
Beginner who are curious about DevOps, Static code analysis tools

Deep dive Sonar Cloud & integration with Azure DevOps

What you'll learn

Explore related topics

Course content

Introduction5 lectures • 18min

Section 2: WorkFlow & Sonarcloud Integration steps with Azure pipeline -indetail17 lectures • 1hr 14min

Sonar Cloud Deep dive19 lectures • 1hr 31min

Limitations, Lessons learnt and best practices4 lectures • 11min

Sonar - New code settings (new)5 lectures • 40min

Summary5 lectures • 12min

Requirements

Description

Who this course is for: